I edited out all the other BS that was going on. Thought I'd put it in the forums to keep track.

Quote

(11:04:13 AM) agentc0reWORK: danielk22, ddamron, TSCHAKWerk: Hey, so i have a semi working KDM init script... it's very rough, and i've been searching on how to do this properly while also figuring out how pluto did it their custom way. My current script still uses their processes. I know you all wanted to be able to drop to the telinit 1 from the kdm script, but why? Also, i keep hearing that killing a process with kill -9 is a bad thing, but why? That's another thing i don't understand right now.

(11:09:10 AM) danielk22: agentc0re: kill -9 prevents the process from shutting down cleanly.
(11:09:26 AM) hari: yeah, -15 is better
(11:09:28 AM) danielk22: agentc0re: but a normal kill should be safe
(11:09:40 AM) TSCHAKWerk: agentc0reWORK: yes... when you SIGKILL, it causes the process to immediately detach... when you SIGTERM, you give a process time to close itself

(11:13:51 AM) agentc0reWORK: danielk22: Ah okay. that makes sense.
(11:14:04 AM) TSCHAKWerk: agentc0reWORK: only use SIGKILL when you have to
(11:14:08 AM) TSCHAKWerk: agentc0reWORK: big emphasis on have to
(11:14:12 AM) agentc0reWORK: hari: i'll look that up, and look into it.
(11:14:27 AM) agentc0reWORK: TSCHAKWerk: I'm not even using that command to kill things.
(11:14:42 AM) hari: agentc0re -15 == SIGTERM
(11:14:46 AM) agentc0reWORK: TSCHAKWerk: pluto wasn't either. they were doing a kill -9 pidofX
(11:14:56 AM) TSCHAKWerk: agentc0reWORK: oh YIKES!
(11:15:08 AM) TSCHAKWerk: that can leave video hardware in an unpredictable state!
(11:15:10 AM) hari: i usually do a -15 first, -9 is a last resort weapon when the process misbehaves
(11:15:37 AM) TSCHAKWerk: mirttex: since a core takes over the internal network, other machines can boot off of it, over the network
(11:15:40 AM) hari: agentc0reWORK: they are sending a -9 to the X server?
(11:15:47 AM) hari: not nice
(11:15:48 AM) TSCHAKWerk: mirttex: once this happens, they get the LinuxMCE system.
(11:16:00 AM) agentc0reWORK: danielk22: I'll experiment on my dev vbox and see if it's not killable nicely and if that's why they have it in there.
(11:16:17 AM) agentc0reWORK: hari: yes, they are sending a -9 to the X server.

(11:18:29 AM) agentc0reWORK: Hari, TSCHAKWerk, danielk22: Before i started looking some stuff up on different KDM startup/shut down scripts i created mine to use the telinit process to start and shut everything down. everything works except for a restart. But again, I'm not sure if that's the best way to go about things.
(11:19:14 AM) TSCHAKWerk: agentc0reWORK: well, we'll take a look at it..but i don't have a problem with it.

(11:19:55 AM) agentc0reWORK: TSCHAKWerk: In order for it to work like that, we also have to set suid to root on /sbin/telinit
(11:20:00 AM) grepico left the room (quit: Read error: 110 (Connection timed out)).
(11:20:02 AM) TSCHAKWerk: agentc0reWORK: ooo um..ouch...
(11:20:07 AM) hari: posde: marko is already on my list
(11:20:12 AM) TSCHAKWerk: agentc0reWORK: would RATHER NOT do that.
(11:20:37 AM) hari: agentc0reWORK: setuid is bad, use sudo instead if there is no other solution
(11:20:39 AM) TSCHAKWerk: agentc0reWORK: let's try to find a way to do a limited privilege escalation.
(11:20:56 AM) TSCHAKWerk: agentc0reWORK: either with sudo or whatever.
(11:23:48 AM) agentc0reWORK: TSCHAKWerk, hari; if we were to use sudo in a script though, a user would be prompted to type in the password which is something we definitely do not want to do.
(11:24:33 AM) hari: agentc0reWORK: you can use the NOPASSWD directive with sudo
(11:25:08 AM) agentc0reWORK: TSCHAKWerk, hari: didn't know about that one. how does that work?
(11:25:47 AM) hari: agentc0reWORK: eg admin ALL = NOPASSWD: ALL
(11:26:03 AM) hari: kampfpanzer: google sudo NOPASSWD
(11:26:04 AM) kampfpanzer: sudo NOPASSWD: http://www.gratisoft.us/sudo/man/sudoers.html

(1:00:02 PM) agentc0reWORK: danielk22, TSCHAKWerk, hari, Hey i am back. I got wrapped up in work but i'm taking my lunch now. So back to the sudo thing. I'm not sure it would be a good thing, either, to have a specific user with nopassword rights to execute telinit either. isn't that really just another way of setuid root on telinit? Maybe there are other security risks involved with doing a setuid.

(1:01:12 PM) agentc0reWORK: Also, setting the KDM script to telinit 1. Is that what we really want it to do? we want an option for it to drop there or do we just want people to type in that command? i mean it's really all the same thing. Maybe there was something else you guys had in mind with having that script do that?

I think you missed one of my responses. The stuff about telinit was only intended, by me at least, as an example of why working start, stop, restart would be useful for the kdm script.

The telinit example was twofold: 1/ you could keep things as is with init levels, but with a working stop on the kdm script, a developer could switch to the single user level to do something like install new video drivers then switch back to the regular run level instead of needing to reboot. 2/ you could also create a new runlevel for AVWizard, so that you would not need to reboot to run the AVWizard.

Both of these examples require root privileges to execute, but this is ok; you don't want non-privileged processes to do either of these things.
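
The TERM-first, KILL-as-last-resort stop discussed in the log, as an added example that is not part of the original thread or of the LinuxMCE scripts. The function name `stop_gracefully`, its return codes and the 10-second default timeout are assumptions chosen for illustration.

```shell
#!/bin/sh
# stop_gracefully PID [TIMEOUT_SECONDS]   (hypothetical helper, not LinuxMCE code)
#
# Return codes (assumed convention):
#   0  process exited after SIGTERM, i.e. it had the chance to clean up
#   1  SIGTERM could not be delivered (no such PID, or not permitted)
#   2  process was still alive after TIMEOUT and SIGKILL was sent
stop_gracefully() {
    pid=$1
    timeout=${2:-10}

    # SIGTERM (-15) can be caught, so the process can release hardware,
    # flush files and exit by itself.
    kill -TERM "$pid" 2>/dev/null || return 1

    # kill -0 delivers no signal; it only reports whether the PID can still
    # be signalled. A child that has exited but was not yet reaped by the
    # caller (a zombie) still counts as present until the shell reaps it.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
        waited=$((waited + 1))
    done
    kill -0 "$pid" 2>/dev/null || return 0

    # Last resort: SIGKILL (-9) cannot be caught, so no cleanup code runs.
    kill -KILL "$pid" 2>/dev/null
    return 2
}
```

A stop action in an init script can log return code 2 as a warning, since it means the process was terminated without running its own shutdown path.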